The Evolving U.S. Cybersecurity Landscape: What Firms Want to Know

Following a year of high-profile data breaches, the Securities and Exchange Commission (SEC) announced on January 13, 2015 that, for the second consecutive year, its Office of Compliance Inspections and Examinations (OCIE) priorities would include a focus on cybersecurity controls. The same day, the Obama Administration (Administration) announced two cybersecurity legislative proposals of importance to the financial services industry. Given this expanding focus on cybersecurity, this article: (i) addresses the results of OCIE’s 2014 cybersecurity examination sweep and discusses OCIE’s second wave of cybersecurity exams; (ii) summarizes the Administration's recent legislative proposals; and (iii) suggests questions firms may wish to consider in response to these important developments.